Establishing Links Between Sub-Nets

ABSTRACT

Disclosed is a gateway between a first sub-network and a second sub-network, the first sub-network being isolated from the second sub-network, the gateway being configured to send, to a first node of the first sub-network, information for use in establishing a bridge to a second node of the second sub-network; and a device comprising the first node, the first node being configured to use the information to establish a bridge to the second node, the bridge for enabling communication between the first node and the second node that does not pass through the gateway.

CLAIM OF PRIORITY

This application claims priority under 35 U.S.C. §119(e) to provisionalU.S. Patent Application 61/973,962, filed on Apr. 2, 2014, entitled:“Wireless Sensor Network”, and provisional U.S. Patent Application61/946,054, filed on Feb. 28, 2014, entitled: “Wireless Sensor Network”,the entire contents of which are hereby incorporated by reference.

ESTABLISHING LINKS BETWEEN SUB-NETS BACKGROUND

This specification relates generally to establishing links betweensub-networks.

Wireless sensor network/wireless device based data collection systemshaving remote server-based monitoring and report generation are used inapplications such as home safety monitoring, electrical and waterutility meter monitoring, and human and asset tracking. For example, itis common for businesses and homeowners to have a security system fordetecting alarm conditions at their premises and for signalingconditions to a monitoring station or to authorized users of thesecurity system.

SUMMARY

According to an aspect, a system includes a gateway between a firstsub-network and a second sub-network, the first sub-network beingisolated from the second sub-network, the gateway being configured tosend, to a first node of the first sub-network, information for use inestablishing a bridge to a second node of the second sub-network; and adevice comprising the first node, the first node being configured to usethe information to establish a bridge to the second node, the bridge forenabling communication between the first node and the second node thatdoes not pass through the gateway.

Other aspects include methods and computer program products.

Any two or more of the features described in this specification,including this summary section, may be combined to form implementationsnot specifically described herein.

All or part of the foregoing may be implemented as a computer programproduct comprised of instructions that are tangibly stored on one ormore non-transitory machine-readable storage media/hardware devices, andwhich are executable on one or more processing devices. All or part ofthe foregoing may be implemented as an apparatus, method, or networksystem that may include one or more processing devices and memory tostore executable instructions to implement functionality.

The details of one or more examples are set forth in the accompanyingdrawings and the description below. Further features, aspects, andadvantages will become apparent from the description, the drawings, andthe claims,

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of an example networked security system.

FIG. 2 is a block diagram of a portion of the networked security systemof FIG. 1.

FIG. 3 is a flowchart showing an example process for maintaining routingtables in the network portion of FIG. 2.

FIG. 4 is a block diagram of example network containing sub-networks.

FIG. 5 is a block diagram of an example network containing a bridgebetween sub-networks.

FIG. 6 is a block diagram of components of an example networked securitysystem.

DETAILED DESCRIPTION

Described herein are examples of network features that may be used invarious contexts including, but not limited to, security/intrusion andalarm systems. Example security systems may include an intrusiondetection panel that is electrically or wirelessly connected to avariety of sensors. Those sensors types may include motion detectors,cameras, and proximity sensors (used, e.g., to determine whether a dooror window has been opened). Typically, such systems receive a relativelysimple signal (electrically open or closed) from one or more of thesesensors to indicate that a particular condition being monitored haschanged or become unsecure.

For example, typical intrusion systems can be set-up to monitor entrydoors in a building. When a door is secured, a proximity sensor senses amagnetic contact and produces an electrically closed circuit. When thedoor is opened, the proximity sensor opens the circuit, and sends asignal to the panel indicating that an alarm condition has occurred(e.g., an opened entry door).

Data collection systems are becoming more common in some applications,such as home safety monitoring. Data collection systems employ wirelesssensor networks and wireless devices, and may include remoteserver-based monitoring and report generation. As described in moredetail below, wireless sensor networks generally use a combination ofwired and wireless links between computing devices, with wireless linksusually used for the lowest level connections (e.g., end-node device tohub/gateway). In an example network, the edge (wirelessly-connected)tier of the network is comprised of resource-constrained devices withspecific functions. These devices may have a small-to-moderate amount ofprocessing power and memory, and may be battery powered, thus requiringthat they conserve energy by spending much of their time in sleep mode.A typical model is one where the edge devices generally form a singlewireless network in which each end-node communicates directly with itsparent node in a hub-and-spoke-style architecture. The parent node maybe, e.g., an access point on a gateway or a sub-coordinator which is, inturn, connected to the access point or another sub-coordinator.

FIG. 1 shows an example (global) distributed network topology 100 for anexample Wireless Sensor Network (WSN). In example network topology 100,upper tier 101 of the network may include traditional servers 103 and/orvirtual servers running in a “cloud computing” environment and networkedusing appropriate networking technologies such as Internet connections.Applications running on those servers may communicate using XML/SOAP,RESTful web service, and/or other appropriate application layertechnologies such as HTTP and ATOM.

In example network topology 100, middle tier 104 may include gateways105 located at central, convenient places inside individual buildingsand structures. Such gateways may communicate with the upper tierservers and cloud applications using web programming techniques or otherappropriate technologies. These gateways 105 communicate with servers103 in the upper tier whether the servers are stand-alone dedicatedservers and/or cloud based servers running cloud applications using webprogramming techniques. The middle tier gateways 105 are also shown withboth local area network (e.g., Ethernet or 802.11) and cellular networkinterfaces.

In example network topology 100, lower tier (edge layer) 108 may includefully-functional sensor nodes 110 (wireless devices, marked in FIG. 1with “F”) and constrained wireless sensor nodes or sensor end nodes 111(marked in FIG. 1 with “C”). In some implementations, each gateway maybe equipped with an access point (fully functional node or “F” node)physically attached thereto, which provides a wireless connection pointto the other nodes in the wireless network.

Constrained computing devices as used herein are devices withsubstantially less persistent and volatile memory other computingdevices, sensors in a detection system. Currently examples ofconstrained devices would be those with less than about a megabyte offlash/persistent memory, and less than 10-20 kilobytes (KB) ofRAM/volatile memory). These constrained devices are configured in thismanner; generally due to cost/physical configuration considerations.

In a typical network, the edge (wirelessly-connected) tier of thenetwork is comprised of highly resource-constrained devices withspecific functions. These devices have a small-to-moderate amount ofprocessing power and memory, and often are battery powered, thusrequiring that they conserve energy by spending much of their time insleep mode. Atypical model is one where the edge devices generally forma single wireless network in which each end-node communicates directlywith its parent node in a hub-and-spoke-style architecture. The parentnode may be, e.g., an access point on a gateway or a sub-coordinatorwhich is, in turn, connected to the access point or anothersub-coordinator.

In example network topology 100, the communication links (illustrated bylines 113) shown in FIG. 1 are direct (single-hop network layer)connections between devices. A formal networking layer (that mayfunction in each of the three tiers shown in FIG. 1) can use a series ofthese links, together with appropriate routing technology, to sendmessages (fragmented or unfragmented) from one device to another, over aphysical distance. In other network topologies, each link may representtwo or more hops and/or the configuration may be different than shown inFIG. 1.

In some example implementations, WSN state function based applicationlayer uses an edge device operating system (not shown, but such asdisclosed in the above mentioned provisional application) that allowsfor loading and execution of individual functions (after the booting ofthe device) without rebooting the device (so-called “dynamicprogramming”). In other implementations, edge devices could use otheroperating systems provided such systems allow for loading and executionof individual functions (after the booting of the device) preferablewithout rebooting of the edge devices.

Example distributed network topology 100 may include or be part of aself-organizing network, such as a wireless mesh network. In someimplementations, all of distributed network topology 100 is implementedusing wireless mesh technology. In some implementations, only part ofdistributed network topology 100 is implemented using wireless meshtechnology. For example, in FIG. 1, in some implementations, upper tier101 may be implemented using standard network technology, and middletier 104 and lower tier 108 may be implemented as one or more wirelessmesh networks. In some implementations, upper tier 101 and middle tier104 may be implemented using standard network technology, and lower tier108 may be implemented using one or more wireless mesh networks. Forexample, a different wireless mesh network may be associated with eachgateway, or a single wireless mesh network may include all of thegateways shown in FIG. 1 (and others), as well as all or some functionaland sensor nodes.

In some implementations, wireless mesh network is a self-organizingwireless network, in which the network devices themselves establishcommunication links with one another. The communication links may beestablished by maintaining and updating routing tables associated witheach network device. In the example implementations described herein, awireless mesh network may be established between sensor, functionaland/or gateway devices that are part of a larger building, orenterprise-wide system. In examples, such devices may be used formonitor and/or control in a security/intrusion, fire alarm, or otherappropriate system. The devices report status information from theirsystems to a central monitoring service, which may include one or morehost computing devices. For example, the central monitoring service mayinclude server 103 and/or server 130, in addition to other computingequipment. The central monitoring service may also send controlcommands, which the devices use for configuration and/or control.

FIG. 2 shows components of an example wireless network 200 on which theprocesses described herein may be implemented. In the implementationsdescribed herein, wireless network 200 is a wireless mesh network, andmay be part of the larger network shown in FIG. 1. However, in otherimplementations, the processes described herein may be performed usingother types of networks.

Wireless network 200 may be a heterogeneous network, in which devices onwireless network 100 do not perform the same functions, or a homogeneousnetwork, in which devices on wireless network 100 perform the samefunctions or substantially the same functions. Wireless network 100includes nodes 201 to 205, which may, or may not, be endpoint devices onthe network, such as sensors, monitors or the like. Typically, theprimary connection between a node and the network is wireless; however,one or more of nodes 201 to 205 may also include a wired connection tonetwork 200.

Wireless network 200 also includes coordinator devices 210 to 212, whichmay be intermediary devices on the network. In the exampleimplementations described herein, a coordinator device, e.g.,coordinator device 210, functions as a router or repeater to forwarddata packets sent by anode, e.g., node 201 or node 204 (which need notbe a directly connected node) or by another coordinator device, e.g.,coordinator 211, along a path through wireless network 200. Thecoordinators 210-212 communicate with each other to maintain and updaterouting information to enable communication between devices, and toaccount for changes in the network 200. The coordinator devices storerouting information, such as a next hop along a network path to a datapacket's intended destination, and a hop on a return path. Thisinformation is stored in one or more local routing table(s) (e.g., localrouting table 206, 207, 208) in memory on, or otherwise accessible to,the corresponding coordinator device. In some implementations, the nodesmay also include one or more such routing table(s), particularly if thenodes are, or may become part of, a network pathway. The processesdescribed herein may be used to build, and update, those routing tables,along with routing tables on any other appropriate network devices.

Nodes 201 to 205 and coordinator devices 210 to 212 may communicate viaradio frequency (RF) links using any appropriate wireless protocol orprotocols. Wireless network 200 may also include other types of devices(not shown), such as computers, base stations, or embedded processingdevices that interact with the devices of FIG. 2.

Nodes 201 to 205 may each be either a source or a destination of networkdata. In some implementations, the nodes constitute, or are to, one ormore sensors or controlling devices. The sensors are part of physicalsystems, such as an alarm system or a security system, as noted above,and sense or monitor physical quantities, such as temperature, movement,or the like. A node acquires analog and/or digital signals as a resultof this sensing and transmit data packets corresponding to these signalsto an appropriate device via wireless network 200. An antenna (notshown) is included on each endpoint device to enable transmission.Antennas are also included on the other wireless devices in the network.

Multiple mesh networks may occupy the same physical space. Data packetsfor such networks may be differentiated, e.g., by a network groupidentifier (ID). Thus, the networks remain logically separate eventhough they occupy the same physical space.

Wireless mesh networks are typically established by one or moreprospective network devices initiating communication to one or moreother prospective network devices. For example, a first prospectivenetwork device (such as node 202) may output a packet identifying thefirst device (node 202) and in an attempt to locate other devices withinthe RF vicinity of the first device (node 202), with which the firstdevice may connect. A second prospective network device (such ascoordinator device 210) in that vicinity may respond and identify itselfas a device that is available for connection to the first device. Thetwo devices may then establish a connection through appropriateback-and-forth communications. This general process, or other(s) likeit, may be repeated either by both devices or by other devices until themesh network is formed. Typically, at least one of the devices isinitially in communication with a base station or other wired connectionto the central monitoring service, enabling connection between thewireless mesh network and the central monitoring service. Uponconnection to the wireless network, routing tables throughout thewireless network may be updated.

Devices may enter, e.g., become part of, a wireless mesh network in themanner described above, or in any other appropriate manner. Likewise,devices may also leave the wireless mesh network. For example, devicesmay be deactivated or lose power, causing the devices to leave thenetwork. In some cases, loss of a single device may affect communicationto numerous other devices on the network. For example, a single devicemay be the primary pathway over which communications to numerous otherdevices pass. As a result, loss of that device also interrupts thatprimary path, necessitating re-routing of communications through thewireless mesh network. This re-routing can affect the contents ofrouting tables in nodes and coordinators.

The example processes described herein enable routing of data packetsthrough a changing network environment resulting, e.g., from devicesentering or leaving the network. This is done by updating configurablerouting tables that are distributed across all or some routing nodes inthe network. The processes may be used on wireless mesh networks of anysize; however, they may have particular applicability to small-tomedium-sized networks, in contrast to large wide area networks such asthe Internet.

The implementation below is of wireless mesh network 200 updatingrouting tables based on packet transmissions through node 201 andcoordinators 210, 211.

Referring to the flowchart of FIG. 3, in this example implementation, anode (such as node 201) connects (301) to a network(such as network200). Such connection may be implemented in any appropriate manner usingone or more processes, e.g., through appropriate communication tocoordinator 210. In response, a first coordinator (such as coordinator210), to which the node has connected, generates and transmits (302) arouting packet containing, in its mesh header (the part of the packetreserved for routing information), the coordinator's short address, thenode's short address, and an route count value of zero. In this example,the routing packet is transmitted to advise other devices (e.g.,coordinators) in the RF vicinity of the first coordinator of theaddition of the node to the network. Information in the routing packetis known to the first coordinator beforehand or is obtained throughcommunication with the node. In this example implementation, a shortaddress is a 2-byte/16-bit random, uniquely-assigned number thatidentifies a device (a node, a coordinator, or another network device)within the network. In other implementations, the short address may bereplaced by any other appropriate node and/or coordinator identificationinformation The route count is a value that is incremented at each node(hop), and is used as described below.

A second coordinator, such as coordinator 211, receives (303) therouting packet from coordinator 210. Coordinator 211 checks its routingtable entries to determine if information from the routing packet isalready present in the routing table. If that information is not alreadypresent (which it should not be at this point), coordinator 211 records(e.g., stores) (304), in its routing table 207, a routing entry thatincludes coordinator 210's short address, node 201′s short address, andthe route count incremented by one (the route count at coordinator 210being set at zero). This routing entry is usable by coordinator 211 toroute data to/from node 201.

Routing table 207 also stores an “expire count” and a “poll count” foreach routing entry in routing table 207.The expire count is a valuecorresponding to (e.g., equal to) the greatest number of times a routeentry will be checked before being deleted from the routing table. Thepoll count is a value corresponding to (e.g., equal to) the greatestnumber of times a routing table entry will be checked by a device beforerouting information for that entry is retransmitted. The values for theexpire count and the poll count are either propagated through thenetwork by the coordinators or are hard-coded into the routing table ofeach device. Other arrangements are possible. Each entry of the routingtable may include counters corresponding to the expire count and to thepoll count. These counters are incremented by one each time thecorresponding routing table entry is checked. The corresponding countervalues are compared to the expire count and poll count, and the resultsof the comparisons are used as described below.

Coordinator performs a check to determine whether the route countincremented by one exceeds a maximum count stored in routing table 207.In this example implementation, the maximum count is a numbercorresponding to (e.g., equal to) the greatest number of hops throughwhich a packet will be routed.

If the route count does not meet or exceed the maximum count,coordinator 211 transmits (305) the routing packet to other coordinators(such as coordinator 212) that are within its RF vicinity. Otherwise, ifthe route count meets or exceeds the maximum count, the routing packetis not transmitted. In this regard, if the route count meets or exceedsthe maximum count, the maximum number of hops has been reached atcoordinator 211. Thus, no further transmission of the routing packet ispermitted, which is why the routing packet is not transmitted to anotherdevice (e.g., coordinator) on the network. The route count for eachrouting table entry may be stored in the routing table,

As coordinator 211 checks entries of its routing table 207, thecorresponding expire counter and poll counters for entries in routingtable 207 are each incremented by one, as described above. If an expirecount value reaches the stored expire count, then the correspondingentry in the routing table is deleted (306). As noted, the expire countis a value corresponding to (e.g., equal to) the greatest number oftimes a route entry will be checked before being deleted from therouting table. Generally, the expire count is used to adjust thenetwork's configuration resulting, e.g., from movement of nodes into orout of the network. If the expire count is reached, the correspondingrouting entry is deleted on the assumption that the entry may no longerbe valid. Notably, a check is not performed to determine whether theentry is still valid. Rather, the entry is assumed not to be valid anylonger, and is deleted. Thus, the system forces the network toreestablish routing pathways after a certain number of checks(look-ups), thereby reducing the number of potentially invalid routes inthe routing table.

If the poll count value reaches the stored poll count and the routecount for a corresponding routing table entry has a value of zero (e.g.,the device is the coordinator to generate the routing packet and thusthe first coordinator to transmit the routing packet), then routinginformation for that entry is re-transmitted (307). This allows forperiodic updating of routing table entries from source devicesthroughout the network.

A coordinator uses the routing table built and maintained in the mannerdescribed above to route data packets during normal network operation.For example, when a coordinator (e.g., coordinator 211) receives aregular (e.g., non-routing) data packet having the coordinator's shortaddress in the mesh header, the coordinator uses the destination's shortaddress (also found in the mesh header) to check for, and to identifycorresponding values in the routing table, if available. The values maybe, e.g., the address of one or more devices on a network path to thedata packet's destination. In this example, coordinator 211 performs thecheck, and obtains the values from its routing table 207. Thecoordinator then uses the values obtained front its routing tables tore-address the mesh header of the packet to forward the packet to itsdestination. If the count is zero in the table, then the coordinatorfills in the destination address in the mesh header instead of acoordinator address before sending the packet.

The nodes and coordinators may be implemented using any appropriate typeof computing device, such as a mainframe work station, a personalcomputer, a server, a portable computing device, or any other type ofintelligent device capable of executing instructions, connecting to anetwork, and forwarding data packets through the network. The nodes andcoordinators can execute any appropriate computer programs to generate,receive, and transmit data packets for use on the network.

Each of nodes 201 to 205 and coordinators 210 to 212 may include one ormore non-transitory machine-readable media, such as computer memory (notshown), to store executable instructions. Each of these devices may alsoinclude one or more processing devices (e.g., microprocessors,programmable logic, application-specific integrated circuits, and soforth) for executing the instructions to perform all or part of thefunctions described herein. In some implementations, the structure ofnodes 201 to 205 may be about the same as the structure of coordinators210 to 212. This may not be the case in other implementations, e.g.,their structures may be different. Each device, however, is programmableto implement appropriate functionality.

Elements of different implementations described herein may be combinedto form other embodiments not specifically set forth above. Elements maybe left out of the structures described herein without adverselyaffecting their operation. Furthermore, various separate elements may becombined into one or more individual elements to perform the functionsdescribed herein.

An example, non-limiting application of the WSN of FIGS. 1 to 3 is in asecurity system for intrusion detection, tire, toxic gas, monitor, etc.installed at one or more premises such as one or more residential housesor building(s) and especially in, e.g., commercial, industrial,buildings, complexes, etc.

In some typical intrusion detection system implementations, an intrusiondetection panel is included, whereas in others more sophisticatedmanagement systems are included. Sensors/detectors may be disbursedthroughout the premises. The intrusion detection system may be incommunication with a central monitoring station (also referred to ascentral monitoring center one or more data or communication networks(on(y one shown), such as the Internet; the phone system, or cellularcommunication system.

The intrusion detection panel may be configured to receive signals fromplural detectors/sensors that send, to the intrusion detection panel,information about the status of the monitored premises. Several types ofsensor/detectors (unless otherwise noted are used interchangeablyherein) may be used. One type of detector is a detector that sends abinary signal that indicates presence or absence of an event. Examplesof these types of detectors include glass break detectors and contactswitches. Another type of detector is a detector sends metadata thatincludes data resulting from processing applied by the detector toinputs received by the sensor. Examples of these types of detectors mayinclude microphones, motion detectors, smart switches and cameras,recognition devices and so forth.

Some of the detectors' sensors may be hard wired but in general thedetectors communicate with systems wirelessly over the WSN. In general,detectors sense glass breakage, motion, gas leaks, fire, and/or breachof an entry point, and send the sensed information over the WSN, asneeded and appropriate. Based on the information received from thedetectors, the intrusion detection panel determines whether to triggeralarms, e.g., by triggering one or more sirens (not shown) at thepremise and/or sending alarm messages to the monitoring station.

As described above with respect to FIGS. 1 to 3, the WSN may include anycombination of wired and wireless links that are capable of carryingpacket and/or switched traffic, may span multiple carriers and a widegeography, and hay have the features discussed above. In an exampleimplementation, portions of WSN may include the Internet. In anotherimplementation, the WSN may include one or more wireless links, and mayinclude a wireless data network, e.g., with tower such as a 2G, 3G, 4Gor LTE cellular data network. The panel may be in communication with thenetwork by way of Ethernet switch or router (not illustrated). The panelmay include an Ethernet or similar interface, which may be wired orwireless. Further network components, such as access points, routers,switches, DSL modems, and the like possibly interconnecting the panelwith the data network are not illustrated.

The wireless network described above may include multiple types ofhardware devices, a single software stack, and a single (e.g.,relatively narrow set of applications addressed by the hardware andsoftware. Each device's software may be configured to service differente.g., device-specific) sensors and other inputs, but use a common,single wireless radio software stack to participate in a single commonnetwork. For example, a set of door and window locks and motion sensorsin a building may be wirelessly linked on a common network.

As wireless networks become large and the applications addressed by them(in the same building installation) become more diverse the number ofnodes sharing one set of channels can have a practical limit, andsub-coordinators in the network can support a limited number of attachedchildren (subordinate) nodes. In some implementations, sub-coordinatorsinclude fully functional nodes in the network that serve as parent nodesto multiple end-nodes and other sub-coordinators, but that do not serveas the main wireless network access point on a gateway. Also, it may beconvenient to administer different sets of nodes differently.

The network therefore can be run as separate sub-networks (or“sub-nets”). For example, all door look nodes are together in onesub-network, and all motion sensor nodes are together in a differentsub-network, because those sets of nodes will generally have applicationlayer software and hardware configurations that are specific to thenodes' roles.

For large building installations having a number of differentsub-networks, all sharing a set of channels (and sometimes competingwith each other for some of those channels), bandwidth can be wasted.For example, two sub-networks 1 and 2 may each have a dozensub-coordinators that collectively administer thousands of end-nodes. Ifsub-network 1 is very busy at a given time and sub-network 2 is notbusy, sub-network 2's bandwidth may be under-utilized from a totalsystem perspective.

Also, in administration of separate sub-networks, there may be no wayfor nodes in separate sub-networks to share data quickly and directlywith one another in special situations where very quick action (e.g.,tow message latency) is preferable. In a traditional wireless networkarchitecture, a message from anode in one sub-network must go to acommon gateway (or even a common server) prior to being delivered to thedestination node in a second, different sub-network. Such anarchitecture introduces complexity and latencies that may beundesirable.

In addition, in some cases, nodes in one sub-network may be inpossession of data and/or information that is needed to improve behavioror capabilities in a second, different sub-network. An example might beinformation regarding an emergency condition where direct sub-network tosub-network interaction could be advantageous.

Described is a network management system. In example implementations ofthe network management system, sub-networks are administered separately,but can share resources in some controlled way, and can be used toreduce latency in messaging between sub-networks, and/or supplyinformation and data available in one sub-network that may be useful tonodes residing in a second sub-network. Accordingly, sub-networks may beable to operate in a collaborative fashion.

For example, in some implementations, the network management systemdescribed herein establishes temporary, purpose-specific, supervisedbridges between sub-networks. This can be done between nodes indifferent sub-networks, including, but not limited to, (1) a pair offully functional nodes such as two sub-coordinators, (2) asub-coordinator and a constrained device (e.g., an end-node), or (3)between two end-nodes.

Sub-network bridges may be used for purposes including the following.

In an example of a bridge between two sub-coordinators, asub-coordinator may have messages (or other traffic) pending from nodesin its own network and request, via the bridge, that another sub-networkrelieve some of this traffic pressure.

In an example of a bridge between two sub-coordinators, the twosub-coordinators interact to work-around a lost link or route. Forinstance, traffic in one sub-network cannot be routed to the gatewayusing routes entirely inside one sub-network, so the sub-coordinator mayseek a new route for its traffic via the bridge and new routes in theadjacent sub-network.

In an example of a bridge between a sub-coordinator and an end-nodeinterface, an end-node in one sub-network may need to find a secondauxiliary route for its messages bound for the gateway and, therefore,use an established bridge.

In another example, a first end-node in one sub-network may need to senda message to a sleeping end-node in a second sub-net. In this case, thefirst end-node may send that message to the sleeping end-node's parentsub-coordinator, which would in turn forward the message to the sleepingnode when upon awakening.

In an example of a bridge between two end-nodes, the bridge may be usedto reduce e.g., minimize latency of an urgent message. For example, if adoor motion sensor detected the opening of a door, the sensor may needto inform a node attached to a video camera in a very short time—shortenough to allow the camera to successfully record the images of a personpassing through the doorway.

The processes described herein may enable specific links (bridges),which may be temporarily established from an application layer usingspecific rules, and which are produced in the networking and mediaaccess control layers of the network. In some implementations,therefore, advantages of the bridges can be achieved without sacrificingthe advantages of having separate sub-networks.

In an example implementation, the processes described herein allow upperlayer (management) applications in the cloud and gateway to plan howdynamically loadable functions (e.g., re-locatable executable code) isstored in a distributed manner throughout a collection of edge tiernodes located in different sub-networks. For example, suppose that asub-network 1 contains nodes that routinely use a particular codemodule, and a sub-network 2 contains nodes that do not normally use, andare not programmed with, that module. Also suppose that under somespecial circumstance, a node or nodes in sub-network 2 requires thatmodule. Absent the processes described herein, the gateway would betasked with sending the required code module to the nodes in sub-network2. This may unnecessarily burden the gateway and also result in highernetwork traffic and message delivery latency if multiple hops wererequired to deliver the code from the gateway to the destinationend-nodes. Using the processes described herein, however, a specialtemporary link (referred to herein as the bridge) can be set up betweenan end-node in sub-network 1 and appropriate node(s) in sub-network 2.This link may be used to deliver the required code directly betweensub-networks, in a single message hop or perhaps a limited number ofhops. A related example is one where, as a result of a conditionoccurring in node A, some behavior would be exhibited in node B (e.g.,the aforementioned linked door sensor and video camera use case).Because of the special link (bridge) between these two nodes will allowfor peer-to-peer interaction, in some cases, the required behavior canoccur with a reduced latency and without requiring gateway or controllerinteraction, or at least with a reduced amount of gateway or controllerinteraction.

FIG. 4 shows a portion 400 of example network 100 that includes agateway 401 (not shown in FIG. 1) administering two separatesub-networks 403, 404 with two corresponding sub-coordinators andend-node sets. In this example, the “F” (e.g., fully functional) node406 attached to the gateway is the overall network access point (e.g.,the “PAN Coordinator”). In this example, the other two “F” nodes 408,409 are fully functional nodes acting as sub-coordinators and, as such,set up and administer the two separate and distinct sub-networks 403,404, respectively. In this example, each sub-network 403, 404 isadministered externally through its corresponding gateway and accesspoint 406, but functions separately using separate channel sets and, insome examples, even separate sets of security keys, frequency hoppingparameters, and other sub-network specific networking and MAC/PHY (mediaaccess control/physical) layer parameters. In this example, the “C”nodes (end-nodes/“constrained” nodes) are each attached to theirrespective sub-net's sub-coordinator. The solid and dotted lines shownin FIG. 4 between sub-coordinators and end-nodes show the formal(sub-network membership) relationship that each end node has with itsrespective sub-coordinator.

FIG. 5 shows example network 400 of FIG. 4, in which a special link(referred to herein as a bridge 500) has been established between anend-node 501 in the first sub-network 403 and an end-node 502 in thesecond sub-network 404. In this example implementation, bridge 500 isestablished using an application-layer generated message from gateway401 that is sent to first end-node 501. The message is illustrated inFIG. 5 by the heavy, dashed arrow 505. The message includes network (andother) information and security information to establish the bridge. Forexample, first node 501 uses the information to establish acommunication path to second node 502, and stores that information innode 501's routing table.

A second message 507 sent along the special link (the solid, heavy arrowin FIG. 5) is sent from first end-node 501 to second end-node 502 aspart of the process for establishing the special link (bridge) betweenthe two peers (the first and second end-nodes 501, 502). The secondmessage contains appropriate information required to establish thecommunication link. In other implementations, the bridge may beestablished using a different process than the messaging described here.

In the example implementation described above, the special link (bridge)is initiated by supervisory application layer code in external hosts(e.g., gateway 401, which can be considered “external” to the wirelessnetwork) and is implemented by application layer code on the nodes(e.g., 501, 502, etc.) inside the sub-networks 403, 404. In thisexample, the networking layers do not use pre-configured searching orscanning methods, or pre-programmed rules to set up the link betweennodes 501 and 502. In this example, the networking layer plays a purelypassive role in setting up links; however, that need not always be thecase. In this example, the networking layer delivers messages accordingto routing tables and networking/MAC layer protocols, but the coderunning in the application layer (in this example, in gateway 401)initiates set-up/establishment of the direct link between sub-networks.

In the examples of FIGS. 4 and 5, the application layer stores the linkinformation itself and makes explicit changes to the networking and MAClayer control configurations as necessary to support message deliverybetween different sub-nets. This is typically done prior to actuallysending an inter-sub-network message via those layers.

In some implementations, the information used to set up the special link(bridge) between a node (e.g., 501) in first sub-network 403 and anode(e.g., 502) in a second sub-network 404 may include, but is not limitedto, the following details related to the second sub-net: (1) sub-networkID (identifier); (2) sub-network security certificate(s); (3) securitynotices or nonce seeds, or a code which can be used to generate suchnonce information within the node; (4) channel sets and frequencyhopping order and timing information; (5) dwell times; (6) radio/PHYlayer packet filtering sequences (e.g., start bytes); (7) link timeduration or expiration time; (8) UDP ports and other application layercode references and indices; (9) data rates; (10) DSSS (direct sequencespread spectrum) chip sets or set codes; (11) TX (transmitting) powerlevels; (12) RX (receiving) sensitivity thresholds; (13) other MAC andPHY layer configuration data; and (14) routing table information andspecific table entries. In some implementations, the application layercode and node 501 may use all or some of the foregoing information toestablish a connection between node 501 and 502 in the manner describedherein. This list of information as an example and any other appropriateinformation used to set up communication between the two nodes can besent by the managing application layer function. Likewise, in someimplementations, a subset, or none, of the foregoing information may beused to establish the bridge. Rather, other, different information maybe used to establish the bridge. The above link-specific informationcould be referenced as a single unit (data structure construct orinstance) and given a unique ID number for referencing.

Also provided is a link management module software entity stored in oneor more hardware storage devices (e.g., computer memory) inside theapplication layer of the gateway or cloud host, or delegated by thathost to a wireless sub-net's sub-coordinator. The link management modulemay be executed by hardware to manage a set of links established betweennode pairs on different sub-nets. Such a management module could includea table of links having fields such as (1) a node ID of a first node;(2) a node ID of a second node; (3) a link ID (referencing datastructure information such as that described above); (4) additional linkdetails (e.g., including, but not limited to, particular link details ordata values of the data structure associated with the link ID).

The link management module may also implement processes to determine theeconomy/benefit/advisability of establishing or terminating a speciallink.

Some links may be temporary with definite expiration dates (ranging fromlifetimes or a few microseconds to many days), or they may be ofindeterminate length, existing until specifically terminated, e.g., bythe upper layer management layers.

Examples of applications using special links (bridges) may include, butare not limited to the following: (1) a camera node paired with a motionsensor node, allowing the camera to be activated when a body passes nearthe motion sensor; (2) a portable fire extinguisher node being told tosearch for a mobile node on the personal equipment of a firefighter whois thought to be lost in a burning building; (3) a rain sensor nodewhich is told to inform a lawn sprinkler controller node of the presenceof heavy rain and then to execute a specific action, such as disablingthe sprinklers; and (4) access control/door lock nodes which are told tosearch for messages from nodes in a fire detection system during anemergency. Communications over the bridge may be routed directly fromnode 501 on the first subnet to node 502 on the second subnet, withoutpassing through the gateway. Appropriate routing information stored inthe routing tables of nodes 501 and 502 (in this example) enable suchdirect communication.

In example implementations, each of the network devices described herein(e.g., including, but not limited to, a server, a gateway,coordinators/sub-coordinators, and end-nodes) may include one or morenon-transitory machine-readable media, such as computer memory (notshown), to store executable instructions. Each of the network devicesmay also include one or more processing devices (e.g., microprocessors,programmable logic, application-specific integrated circuits, and soforth) for executing the instructions to perform all or part of theircorresponding functions described herein. In some implementations, thestructure of different devices may be the same or about the same, or thestructures of different devices may be different. Each device, however,is programmed with appropriate functionality.

FIG. 6 shows an example of a security system having features of the WSNdescribed with respect to FIGS. 1 to 5 and having the variousfunctionalities described herein. As shown in FIG. 6, correlationprocessing receives inputs from certain constrained nodes (althoughthese can also be fully functional nodes). These inputs may includecredential information and video information, and the correlationprocessing may produce correlated results that are sent over thenetwork. Context management processing receives inputs from certainconstrained nodes (although these can also be fully functional nodes)e.g., credential information and video and grouping information, andperforms context processing with results sent over the network. Thenetwork supports operation of emergency exit indicators; emergencycameras as well as distributed rule processing and rule engine/messagingprocessing. Range extenders are used with e.g., gateways, and a realtime location system receives inputs from various sensors (e.g.,constrained type) as shown. Servers interface to the WSN via a cloudcomputing configuration and parts of some networks can be run assub-nets.

The sensors provide in addition to an indication that something isdetected in an area within the range of the sensors, detailed additionalinformation that can be used to evaluate what that indication may bewithout the intrusion detection panel being required to performextensive analysis of inputs to the particular sensor.

For example, a motion detector could be configured to analyze the heatsignature of a warm body moving in a room to determine if the body isthat of a human or a pet. Results of that analysis would be a message ordata that conveys information about the body detected. Various sensorsthus are used to sense sound, motion, vibration, pressure, heat, images,and so forth, in an appropriate combination to detect a true or verifiedalarm condition at the intrusion detection panel.

Recognition software can be used to discriminate between objects thatare a human and objects that are an animal; further facial recognitionsoftware can be built into video cameras and used to verify that theperimeter intrusion was the result of a recognized, authorizedindividual. Such video cameras would comprise a processor and memory andthe recognition software to process inputs (captured images) by thecamera and produce the metadata to convey information regardingrecognition or lack of recognition of an individual captured by thevideo camera. The processing could also alternatively or in additioninclude information regarding characteristic of the individual in thearea captured/monitored by the video camera. Thus, depending on thecircumstances, the information would be either metadata received fromenhanced motion detectors and video cameras that (performed enhancedanalysis on inputs to the sensor that gives characteristics of theperimeter intrusion or a metadata resulting from very complex processingthat seeks to establish recognition of the object.

Sensor devices can integrate multiple sensors to generate more complexoutputs so that the intrusion detection panel can utilize its processingcapabilities to execute algorithms that analyze the environment bybuilding virtual images or signatures of the environment to make anintelligent decision about the validity of a breach.

Memory stores program instructions and data used by the processor of theintrusion detection panel. The memory may be a suitable combination ofrandom access memory and read-only memory, and may host suitable programinstructions (e.g. firmware or operating software), and configurationand operating data and may be organized as a file system or otherwise.The stored program instruction may include one or more authenticationprocesses for authenticating one or more users. The program instructionsstored in the memory of the panel may further store software componentsallowing network communications and establishment of connections to thedata network. The software components may, for example, include aninternet protocol (IP) stack, as well as driver components for thevarious interfaces, including the interfaces and the keypad. Othersoftware components suitable for establishing a connection andcommunicating across network will be apparent to those of ordinaryskill.

Program instructions stored in the memory, along with configuration datamay control overall operation of the panel.

The monitoring server includes one or more processing devices (e.g.,microprocessors), a network interface and a memory (all notillustrated). The monitoring server may physically take the form of arack mounted card and may be in communication with one or more operatorterminals (not shown). An example monitoring server is a SURGARD™SG-System III Virtual, or similar system.

The processor of each monitoring server acts as a controller for eachmonitoring server, and is in communication with, and controls overalloperation, of each server. The processor may include, or be incommunication with, the memory that stores processor executableinstructions controlling the overall operation of the monitoring server.Suitable software enable each monitoring server to receive alarms andcause appropriate actions to occur. Software may include a suitableInternet protocol (IP) stack and applications/clients.

Each monitoring server of the central monitoring station may beassociated with an IP address and port(s) by which it communicates withthe control panels and/or the user devices to handle alarm events, etc.The monitoring server address may be static, and thus always identify aparticular one of monitoring server to the intrusion detection panels.Alternatively, dynamic addresses could be used, and associated withstatic domain names, resolved through a domain name service.

The network interface card interfaces with the network to receiveincoming signals, and may for example take the form of an Ethernetnetwork interface card (NIC). The servers may be computers,thin-clients, or the like, to which received data representative of analarm event is passed for handling by human operators. The monitoringstation may further include, or have access to, a subscriber databasethat includes a database under control of a database engine. Thedatabase may contain entries corresponding to the various subscriberdevices/processes to panels like the panel that are serviced by themonitoring station.

All or part of the processes described herein and their variousmodifications (hereinafter referred to as “the processes” can beimplemented, at least in part, via a computer program product, i.e., acomputer program tangibly embodied in one or more tangible, physicalhardware storage devices that are computer and/or machine-readablestorage devices for execution by, or to control the operation of, dataprocessing apparatus, e.g., a programmable processor, a computer, ormultiple computers. A computer program can be written in any form ofprogramming language, including compiled or interpreted languages, andit can be deployed in any form, including as a stand-alone program or asa module, component, subroutine, or other unit suitable for use in acomputing environment. A computer program can be deployed to be executedon one computer or on multiple computers at one site or distributedacross multiple sites and interconnected by a network.

Actions associated with implementing the processes can be performed byone or more programmable processors executing one or more computerprograms to perform the functions of the calibration process. All orpart of the processes can be implemented as, special purpose logiccircuitry, e.g., an FPGA (field programmable gate array) and/or an ASIC(application-specific integrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read-only storagearea or a random access storage area or both. Elements of a computer(including a server) include one or more processors for executinginstructions and one or more storage area devices for storinginstructions and data. Generally, a computer will also include, or beoperatively coupled to receive data from, or transfer data to, or both,one or more machine-readable storage media, such as mass storage devicesfor storing data, e.g., magnetic, magneto-optical disks, or opticaldisks.

Tangible, physical hardware storage devices that are suitable forembodying computer program instructions and data include forms ofnon-volatile storage area, including by way of example, semiconductorstorage area devices, e.g., EPROM, EEPROM, and flash storage areadevices; magnetic disks, e.g., internal hard disks or removable disks;magneto-optical disks; and CD-ROM and DVD-ROM disks and volatilecomputer memory, e.g., RAM such as static and dynamic RAM, as well aserasable memory, e.g., flash memory.

In addition, the logic flows depicted in the figures do not require theparticular order shown, or sequential order, to achieve desirableresults. In addition, other actions may be provided, or actions may beeliminated, from the described flows, and other components may be addedto, or removed from, the described systems. Likewise, actions depictedin the figures may be (performed by different entities or consolidated.

Elements of different embodiments described herein may be combined toform other embodiments not specifically set forth above. Elements may beleft out of the processes, computer programs, Web pages, etc. describedherein without adversely affecting their operation. Furthermore, variousseparate elements may be combined into one or more individual elementsto perform the functions described herein.

Other implementations not specifically described herein are also withinthe scope of the following claims.

What is claimed is:
 1. A system comprising: a gateway between a firstsub-network and a second sub-network, the first sub-network beingisolated from the second sub-network, the gateway being configured tosend, to a first node of the first sub-network, information for use inestablishing a bridge to a second node of the second sub-network; and adevice comprising the first node, the first node being configured to usethe information to establish a bridge to the second node, the bridge forenabling communication between the first node and the second node thatdoes not pass through the gateway.
 2. The system of claim 1, furthercomprising: a second device comprising the second node, the first nodebeing configured to send a second message to the second node toestablish the bridge.
 3. The system of claim 1, wherein the second nodeis configured to communicate with the first node to establish thebridge.
 4. The system of claim 1, wherein the information comprises oneor more of the following: (1) sub-network ID (identifier); (2)sub-network security certificate(s); (3) security nonces or nonce seeds;(4) channel sets and frequency hopping order and timing information; (5)dwell times; (6) radio/PHY layer packet filtering sequences; (7) linktime duration or expiration time; (8) UDP ports; (9) data rates; (10)DSSS (direct sequence spread spectrum) chip sets or codes; (11) TX(transmitting) power levels; (12) RX (receiving) sensitivity thresholds;(13) MAC and PRY layer configuration data; (14) routing tableinformation and specific table entries; or (15) code that can be used togenerate nonce information.
 5. The system of claim 1, wherein thegateways stores application layer code, the application layer code beingconfigured to send the information for use in establishing the bridge.6. The system of claim 1, wherein the application layer code isconfigured to make changes to networking and MAC layer controlconfigurations to support message delivery between the first sub-networkand the second sub-network.
 7. The system of claim 5, wherein theapplication layer code comprises a link management module, the linkmanagement module being configured to determine attributes associatedwith establishing or terminating a bridge between differentsub-networks.
 8. The system of claim 1, wherein the gateway isconfigured to terminate the bridge in response to an event.
 9. Thesystem of claim 8, wherein the event comprises expiration of a timeduration.
 10. A method of establishing a bridge between a first node ofa first sub-network and a second node of a second sub-network, the firstsub-network being isolated from the second sub-network, the methodcomprising: a gateway sending, to a first node of the first sub-network,information for use in establishing a bridge to a second node of thesecond sub-network; and the first node using the information toestablish a bridge to the second node, the bridge enabling communicationbetween the first node and the second node that does not pass throughthe gateway.
 11. The method of claim 10, wherein the informationcomprises one or more of the following: (1) sub-network ID (identifier);(2) sub-network security certificate(s); (3) security notices or nonceseeds; (4) channel sets and frequency hopping order and timinginformation; (5) dwell times; (6) radio/PHY layer packet filteringsequences; (7) link time duration or expiration time; (8) UDP ports; (9)data rates; (10) DSSS (direct sequence spread spectrum) chip sets orcodes; (11) TX (transmitting) power levels; (12) RX (receiving)sensitivity thresholds; (13) MAC and PHY layer configuration data; (14)routing table information and specific table entries; or (15) code thatcan be used to generate nonce information.
 12. The method of claim 10,wherein the gateways stores application layer code, the applicationlayer code sending the information for use in establishing the bridge.13. The method of claim 10, wherein the application layer code makeschanges to networking and MAC layer control configurations to supportmessage delivery between the first sub-network and the secondsub-network.
 14. The method of claim 13, wherein the application layercode comprises a link management module, the link management moduledetermining attributes associated with establishing or terminating abridge between different sub-networks.
 15. The method of claim 10,wherein the gateway terminates the bridge in response to an event.